Cryptographic experts at Nanyang Technological University, Singapore (NTU Singapore) and the French national research institute for digital sciences, INRIA in Paris, have demonstrated a critical security flaw in a widely used security algorithm known as SHA-1 that would allow them to forge specific files and the information inside them, and to pass them off as authentic.

The researchers say this puts to rest the ongoing debate over the continued use of SHA-1 as a security algorithm, and urge companies to move quickly away from it.

SHA-1 is a hash function, a cryptographic building block used in almost every digital certification process. It underpins the security of many digital applications in online banking, online communications and online payment gateways.

The hash function takes a long input message and creates a short digital footprint for it, called a hash value.

A hash function is considered secure if it is hard for an attacker to find two different inputs that lead to the same hash value. When two different inputs share the same hash value, a "collision" is said to have occurred.

SHA-1, a hash function designed by the United States National Security Agency (NSA) in the early 1990s, has been integrated into many software products and remains widely used, but in recent years its security has been called into question by researchers.

Since 2005, numerous weaknesses have been identified and demonstrated in SHA-1. In 2017, academics from the Dutch research institute Centrum Wiskunde & Informatica (CWI) and Google produced the first SHA-1 collision, showing that it was possible to find two different input messages that produced the same SHA-1 hash value.

That computational breakthrough involved the use of a huge graphics processing unit (GPU) cluster hosted by Google, but it did not allow the input messages to be chosen freely.

In May 2019, NTU Associate Professor Thomas Peyrin, who teaches at the School of Physics and Mathematics, and Dr. Gaëtan Leurent of INRIA used improved mathematical methods to design the first "chosen-prefix collision" attack for SHA-1.

Now, using a cluster of 900 GPUs running for two months, the pair have successfully demonstrated a practical break of the SHA-1 algorithm using this attack, and have published the details on the International Association for Cryptologic Research's ePrint archive.

Both researchers presented their findings at the Real World Crypto Symposium in New York in January this year and warned that even where SHA-1 usage is low or kept only for backward compatibility, it still poses a high risk to users, who remain vulnerable to attacks. The researchers said their results underline the importance of completely retiring SHA-1 as soon as possible.

The chosen-prefix collision targets a file type called a PGP/GnuPG certificate, a digital proof of identity that relies on SHA-1 as its hash function.

The implication of this demonstration is that, unlike the 2017 CWI/Google collision, a chosen-prefix collision shows how specific digital documents could be forged to carry a correct fingerprint and thus appear authentic under SHA-1.

Although industry has already begun phasing out SHA-1, the algorithm is still used in many applications. It is now proven unsafe, and the researchers hope that system owners will move quickly to stop using it.

"The chosen-prefix collision means that an attacker can start with any first part for both messages and freely change the rest, but the resulting fingerprint values will remain the same: they will still collide," says Assoc Prof Peyrin.

"This changes the threat completely, because important data, such as names or identities in a digital certificate, can now be falsified. We gave an example of its impact by successfully attacking a real system, the PGP (Pretty Good Privacy) Web of Trust, which is a well-known key certification solution.

"As a result of our work, developers of software packages dealing with digital certificates have already updated their latest releases in recent months to treat SHA-1 as unsafe. It is our hope that the publication of our study will go further in encouraging the industry to move rapidly away from any use of such weak cryptographic functions."
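The PGP Web of Trust application above suggests a practical defensive check: the following added example (not code from the researchers or from any PGP implementation) walks raw OpenPGP packets as laid out in RFC 4880 and reports the hash algorithm behind each v4 signature packet, flagging SHA-1 and MD5 as weak. The packet format and algorithm identifiers are RFC 4880 facts; the sample byte string is constructed for illustration and is not a real key.

```python
"""Scan a blob of OpenPGP (RFC 4880) packets and flag signatures made with SHA-1/MD5."""

# RFC 4880 section 9.4 hash algorithm identifiers.
HASH_ALGOS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
              9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK_HASH_IDS = {1, 2}          # MD5 and SHA-1: collision attacks are practical
SIGNATURE_TAG = 2               # packet tag for a signature packet

def iter_packets(data: bytes):
    """Yield (tag, body) for each packet in data (partial-body lengths unsupported)."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError(f"bad packet header at offset {i}")
        if hdr & 0x40:                       # new-format header (RFC 4880 4.2.2)
            tag, first = hdr & 0x3F, data[i + 1]
            if first < 192:
                length, i = first, i + 2
            elif first < 224:
                length = ((first - 192) << 8) + data[i + 2] + 192
                i += 3
            elif first == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:
                raise ValueError("partial body lengths not supported")
        else:                                # old-format header (RFC 4880 4.2.1)
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not supported")
            n = (1, 2, 4)[ltype]
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        yield tag, data[i:i + length]
        i += length

def signature_hash_algos(data: bytes):
    """Return [(hash_name, is_weak)] for every v4 signature packet found."""
    found = []
    for tag, body in iter_packets(data):
        if tag == SIGNATURE_TAG and len(body) >= 4 and body[0] == 4:
            hid = body[3]   # v4 layout: version, sig type, pubkey alg, hash alg, ...
            found.append((HASH_ALGOS.get(hid, f"unknown({hid})"), hid in WEAK_HASH_IDS))
    return found

# Constructed sample (not a real key): two truncated v4 certification signatures,
# one old-format header made with SHA-1 (0x02), one new-format made with SHA-256 (0x08).
SAMPLE = bytes([0x88, 0x0A, 0x04, 0x10, 0x01, 0x02, 0, 0, 0, 0, 0xAB, 0xCD,
                0xC2, 0x0A, 0x04, 0x10, 0x01, 0x08, 0, 0, 0, 0, 0x12, 0x34])
```

Running `signature_hash_algos` over an exported key (`gpg --export`) lists which certifications in its Web of Trust chain still rest on SHA-1.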

Newer hash functions, such as the SHA-2 family of hash functions designed in 2001, are not affected by the attack.

Professor Peyrin and his team hope to improve the digital security used in other everyday digital products and services: "Going forward, we will continue to analyze the algorithms that ensure the security of our daily digital applications, as more services are digitized around the world.

"Our work shows that keeping computers secure is not only about developing new cryptographic systems, but also about keeping up with the latest ways of breaking older ones. As mathematical and computational methods improve, it is extremely important to reject methods that can no longer be relied on."

"Cryptanalysis, the art of breaking cryptosystems, is a vital part of the security ecosystem – the more analysis a cryptographic design receives, the more confidence you can have in deploying and using it in your products and services," added Assoc Prof Peyrin.

More information:

SHA-1 is a Shambles: First Chosen-Prefix Collision on SHA-1 and Application to the PGP Web of Trust, International Association for Cryptologic Research. sha-mbles.github.io/Shambles_RWC.pdf

Provided by Nanyang Technological University

Reference: Critical flaw demonstrated in common digital security algorithm (2020, January 24), retrieved on January 24, 2020 from https://techxplore.com/news/2020-01-critical-flaw-common-digital-algorithm.html
